-rw-r--r-- | usr.sbin/faithd/README | 46 | ||||
-rw-r--r-- | usr.sbin/faithd/faithd.8 | 119 | ||||
-rw-r--r-- | usr.sbin/faithd/faithd.c | 179 | ||||
-rw-r--r-- | usr.sbin/faithd/faithd.h | 12 | ||||
-rw-r--r-- | usr.sbin/faithd/ftp.c | 19 | ||||
-rw-r--r-- | usr.sbin/faithd/tcp.c | 8 |
6 files changed, 248 insertions, 135 deletions
diff --git a/usr.sbin/faithd/README b/usr.sbin/faithd/README index 2228265581d..1e308fba043 100644 --- a/usr.sbin/faithd/README +++ b/usr.sbin/faithd/README @@ -1,8 +1,8 @@ Configuring FAITH IPv6-to-IPv4 TCP relay Kazu Yamamoto and Jun-ichiro itojun Hagino -$OpenBSD: README,v 1.6 2000/07/02 09:21:50 itojun Exp $ -$KAME: README,v 1.5 2000/07/02 08:50:50 itojun Exp $ +$OpenBSD: README,v 1.7 2000/09/16 10:33:43 itojun Exp $ +$KAME: README,v 1.6 2000/07/06 13:43:33 itojun Exp $ Introduction @@ -28,12 +28,12 @@ invoked per each TCP services (TCP port number). clients IPv6 node "src" | You will have to allocate an IPv6 address prefix to map IPv4 addresses into. -The following description uses 3ffe:0501:1234:ffff:: as example. +The following description uses 3ffe:0501:ffff:0000:: as example. Please use a prefix which belongs to your site. FAITH will make it possible to make a IPv6 TCP connection From IPv6 node "src", toward IPv4 node "dest", by specifying FAITH-mapped address -3ffe:0501:1234:ffff::123.4.5.6 -(which is, 3ffe:0501:1234:ffff:0000:0000:7b04:0506). +3ffe:0501:ffff:0000::123.4.5.6 +(which is, 3ffe:0501:ffff:0000:0000:0000:7b04:0506). The address mapping can be performed by hand:-), by speical nameserver on the network, or by special resolver on the source node. @@ -42,7 +42,7 @@ Setup ===== The following example assumes: -- You have assigned 3ffe:0501:1234:ffff:: as FAITH adderss prefix. +- You have assigned 3ffe:0501:ffff:0000:: as FAITH adderss prefix. - You are willing to provide IPv6-to IPv4 TCP relay for telnet. <<On the translating router on which faithd runs>> @@ -58,8 +58,8 @@ The following example assumes: (3) Route packets toward FAITH prefix into "faith0" interface. # ifconfig faith0 up - # route add -inet6 3ffe:0501:1234:ffff:: -prefixlen 64 \ - fe80::xxxx:yyyy:zzzz:wwww%faith0 + # route add -inet6 3ffe:0501:ffff:0000:: -prefixlen 64 ::1 + # route change -inet6 3ffe:0501:ffff:0000:: -prefixlen 64 -ifp faith0 (4) Execute "faithd" by root as follows: 
@@ -79,6 +79,9 @@ The following example assumes: # faithd ftpd /usr/libexec/ftpd ftpd -l # faithd sshd +If inetd(8) on your platform have special support for faithd, it is possible +to setup faithd services via inetd(8). Consult manpage for details. + <<Routing>> @@ -96,7 +99,7 @@ There are two ways to translate IPv4 address to IPv6 address: (5.b) Add an entry into /etc/hosts so that you can resolve hostname into faked IPv6 addrss. For example, add the following line for www.netbsd.org: - 3ffe:0501:1234:ffff::140.160.140.252 www.netbsd.org + 3ffe:0501:ffff:0000::140.160.140.252 www.netbsd.org <<On the translating router on which faithd runs.>> 
@@ -108,27 +111,40 @@ in "/var/log/daemon". daemon.* /var/log/daemon +Access control +============== + +Since faithd implements TCP relaying service, it is critical to implement +proper access control to cope with malicious use. Bad guy may try to +use your relay router to circumvent access controls, or may try to +abuse your network (like sending SPAMs from IPv4 address that belong to you). +Install IPv6 packet filter directives that would reject traffic from +unwanted source. If you are using inetd-based setup, you may be able to +use access control mechanisms in inetd. + + Advanced configuration ====================== If you would like to restrict IPv4 destination for translation, you may want to do the following: - # route add -inet6 3ffe:0501:1234:ffff::123.0.0.0 -prefixlen 104 \ - -interface faith0 + # route add -inet6 3ffe:0501:ffff:0000::123.0.0.0 -prefixlen 104 ::1 + # route change -inet6 3ffe:0501:ffff:0000::123.0.0.0 -prefixlen 104 \ + -ifp faith0 By this way, you can restrict IPv4 destination to 123.0.0.0/8. -You may also want to reject packets toward 3ffe:0501:1234:ffff::/64 which -is not in 3ffe:0501:1234:ffff::123.0.0.0/104. This will be left as excerside +You may also want to reject packets toward 3ffe:0501:ffff:0000::/64 which +is not in 3ffe:0501:ffff:0000::123.0.0.0/104. This will be left as excerside for the reader. By doing this, you will be able to provide your IPv4 web server to outside IPv6 customers, without risks of unwanted open relays. - [[[[ IPv6 network outside ]]]] | + [[[[ IPv6 network outside ]]]] | | | connection node that runs FAITH-daemon (usually a router) v | - ========+======== IPv4/v6 network in your site + ========+======== IPv4/v6 network in your site | (123.0.0.0/8) IPv4 web server diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8 index d84cb3d8f2f..af7c985dc2d 100644 --- a/usr.sbin/faithd/faithd.8 +++ b/usr.sbin/faithd/faithd.8 
@@ -1,5 +1,5 @@ -.\" $OpenBSD: faithd.8,v 1.7 2000/07/03 06:44:46 itojun Exp $ -.\" $KAME: faithd.8,v 1.11 2000/07/03 06:35:25 jinmei Exp $ +.\" $OpenBSD: faithd.8,v 1.8 2000/09/16 10:33:44 itojun Exp $ +.\" $KAME: faithd.8,v 1.14 2000/09/12 05:20:35 itojun Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. .\" All rights reserved. @@ -37,35 +37,20 @@ .Sh SYNOPSIS .Nm .Op Fl dp -.Op Ar service Op Ar serverpath Op Ar serverargs +.Ar service +.Op Ar serverpath Op Ar serverargs +.Nm "" .Sh DESCRIPTION .Nm -provides IPv6/v4 TCP relay for the specified -.Ar service . -.Pp +provides IPv6-to-IPv4 TCP relay. .Nm -must be invoked on IPv4/v6 dual stack router. -The router must be configured to capture all the TCP traffic -toward reserved -.Tn IPv6 -address prefix, by using -.Xr route 8 -and -.Xr sysctl 8 -commands. -.Nm -will daemonize itself on invocation. +must be used on an IPv4/v6 dual stack router. .Pp +When .Nm -will listen to +receives .Tn TCPv6 -port -.Ar service . -If -.Tn TCPv6 -traffic to port -.Ar service -is found, +traffic, .Nm will relay the .Tn TCPv6 
@@ -87,20 +72,48 @@ destination address is the traffic will be relayed to IPv4 destination .Li 10.1.1.1 . .Pp -If -.Ar service -is not given, -.Li telnet -is assumed, and +To use .Nm -will relay TCP traffic on TCP port -.Li telnet . -With -.Ar service , +translation service, +an IPv6 address prefix must be reserved for mapping IPv4 addresses into. +Kernel must be properly configured to route all the TCP connection +toward the reserved IPv6 address prefix into the +.Xr faith 4 +pseudo interface, by using +.Xr route 8 +command. +Also, +.Xr sysctl 8 +should be used to configure +.Dv net.inet6.ip6.keepfaith +to +.Dv 1 . +.Pp +The router must be configured to capture all the TCP traffic +toward reserved +.Tn IPv6 +address prefix, by using +.Xr route 8 +and +.Xr sysctl 8 +commands. +.\".Ss Daemon mode +When +.Nm +.\"is invoked as a standalone program, +is invoked, .Nm -will work as TCP relaying daemon for specified +will daemonize itself. +.Nm +will listen to +.Tn TCPv6 +port +.Ar service . +If +.Tn TCPv6 +traffic to port .Ar service -as described above. +is found, it relays the connection. .Pp Since .Nm @@ -125,23 +138,6 @@ You can also specify .Ar serverargs for the arguments for the local daemon. .Pp -To use -.Nm -translation service, -an IPv6 address prefix must be reserved for mapping IPv4 addresses into. -Kernel must be properly configured to route all the TCP connection -toward the reserved IPv6 address prefix into the -.Dv faith -pseudo interface, by using -.Xr route 8 -command. -Also, -.Xr sysctl 8 -should be used to configure -.Dv net.inet6.ip6.keepfaith -to -.Dv 1 . -.Pp If .Fl d is given, debugging information will be generated using 
@@ -191,7 +187,15 @@ Before invoking .Nm Ns , .Xr faith 4 interface has to be configured properly. -.Pp +.Bd -literal -offset +# sysctl -w net.inet6.ip6.accept_rtadv=0 +# sysctl -w net.inet6.ip6.forwarding=1 +# sysctl -w net.inet6.ip6.keepfaith=1 +# ifconfig faith0 up +# route add -inet6 3ffe:501:4819:ffff:: -prefixlen 96 ::1 +# route change -inet6 3ffe:501:4819:ffff:: -prefixlen 96 -ifp faith0 +.Ed +.\".Ss Daemon mode samples To translate .Li telnet service, and provide no local telnet service, invoke @@ -206,7 +210,7 @@ If you would like to provide local telnet service via .Xr telnetd 8 on .Pa /usr/libexec/telnetd , -user the following command line: +use the following command line: .Bd -literal -offset # faithd telnet /usr/libexec/telnetd telnetd .Ed @@ -216,7 +220,10 @@ If you would like to pass extra arguments to the local daemon: # faithd ftpd /usr/libexec/ftpd ftpd -l .Ed .Pp -Here are some other examples: +Here are some other examples. +You may need +.Fl p +to translate rsh/rlogin services. .Bd -literal -offset # faithd sshd # faithd login /usr/libexec/rlogin rlogind diff --git a/usr.sbin/faithd/faithd.c b/usr.sbin/faithd/faithd.c index 640b6534f60..b5673d3e8e3 100644 --- a/usr.sbin/faithd/faithd.c +++ b/usr.sbin/faithd/faithd.c @@ -1,5 +1,5 @@ -/* $OpenBSD: faithd.c,v 1.7 2000/07/05 17:23:13 deraadt Exp $ */ -/* $KAME: faithd.c,v 1.18 2000/05/31 03:06:07 itojun Exp $ */ +/* $OpenBSD: faithd.c,v 1.8 2000/09/16 10:33:45 itojun Exp $ */ +/* $KAME: faithd.c,v 1.29 2000/09/12 05:20:35 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. @@ -34,7 +34,7 @@ * User level translator from IPv6 to IPv4. * * Usage: faithd [<port> <progpath> <arg1(progname)> <arg2> ...] - * e.g. faithd telnet /usr/local/v6/sbin/telnetd telnetd + * e.g. faithd telnet /usr/libexec/telnetd telnetd */ #define HAVE_GETIFADDRS 
@@ -102,8 +102,13 @@ static int sockfd = 0; #endif int dflag = 0; static int pflag = 0; +static int inetd = 0; int main __P((int, char **)); +#if 0 +static int inetd_main __P((int, char **)); +#endif +static int daemon_main __P((int, char **)); static void play_service __P((int)); static void play_child __P((int, struct sockaddr *)); static int faith_prefix __P((struct sockaddr *)); @@ -114,6 +119,7 @@ static int map4to6 __P((struct sockaddr_in *, struct sockaddr_in6 *)); static void sig_child __P((int)); static void sig_terminate __P((int)); static void start_daemon __P((void)); +static void exit_stderr __P((const char *, ...)); #ifndef HAVE_GETIFADDRS static unsigned int if_maxindex __P((void)); #endif @@ -123,15 +129,8 @@ static void update_myaddrs __P((void)); static void usage __P((void)); int -main(int argc, char *argv[]) +main(int argc, char **argv) { - struct addrinfo hints, *res; - int s_wld, error, i, serverargc, on = 1; - int family = AF_INET6; - int c; -#ifdef FAITH_NS - char *ns; -#endif /* FAITH_NS */ /* * Initializing stuff 
@@ -143,6 +142,93 @@ main(int argc, char *argv[]) else faithdname = argv[0]; +#if 0 + if (strcmp(faithdname, "faithd") != 0) { + inetd = 1; + return inetd_main(argc, argv); + } else + return daemon_main(argc, argv); +#else + return daemon_main(argc, argv); +#endif +} + +#if 0 +static int +inetd_main(int argc, char **argv) +{ + char path[MAXPATHLEN]; + struct sockaddr_storage me; + struct sockaddr_storage from; + int melen, fromlen; + int i; + int error; + const int on = 1; + char sbuf[NI_MAXSERV], snum[NI_MAXSERV]; + + if (strrchr(argv[0], '/') == NULL) + snprintf(path, sizeof(path), "%s/%s", DEFAULT_DIR, argv[0]); + else + snprintf(path, sizeof(path), "%s", argv[0]); + +#ifdef USE_ROUTE + grab_myaddrs(); + + sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); + if (sockfd < 0) { + exit_failure("socket(PF_ROUTE): %s", ERRSTR); + /*NOTREACHED*/ + } +#endif + + melen = sizeof(me); + if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) + exit_failure("getsockname"); + fromlen = sizeof(from); + if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) + exit_failure("getpeername"); + if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, + sbuf, sizeof(sbuf), NI_NUMERICHOST) == 0) + service = sbuf; + else + service = DEFAULT_PORT_NAME; + if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, + snum, sizeof(snum), NI_NUMERICHOST) != 0) + snprintf(snum, sizeof(snum), "?"); + + snprintf(logname, sizeof(logname), "faithd %s", snum); + snprintf(procname, sizeof(procname), "accepting port %s", snum); + openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); + + if (argc >= MAXARGV) + exit_failure("too many arguments"); + serverarg[0] = serverpath = path; + for (i = 1; i < argc; i++) + serverarg[i] = argv[i]; + serverarg[i] = NULL; + + error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on, + sizeof(on)); + if (error < 0) + exit_failure("setsockopt(SO_OOBINLINE): %s", ERRSTR); + + play_child(STDIN_FILENO, (struct sockaddr *)&from); + 
exit_failure("should not reach here"); + return 0; /*dummy!*/ +} +#endif + +static int +daemon_main(int argc, char **argv) +{ + struct addrinfo hints, *res; + int s_wld, error, i, serverargc, on = 1; + int family = AF_INET6; + int c; +#ifdef FAITH_NS + char *ns; +#endif /* FAITH_NS */ + while ((c = getopt(argc, argv, "dp46")) != -1) { switch (c) { case 'd': @@ -161,7 +247,7 @@ main(int argc, char *argv[]) #endif default: usage(); - break; + /*NOTREACHED*/ } } argc -= optind; @@ -191,15 +277,12 @@ main(int argc, char *argv[]) switch (argc) { case 0: - serverpath = DEFAULT_PATH; - serverarg[0] = DEFAULT_NAME; - serverarg[1] = NULL; - service = DEFAULT_PORT_NAME; - break; + usage(); + /*NOTREACHED*/ default: serverargc = argc - NUMARG; - if (serverargc > MAXARGV) - exit_error("too many augments"); + if (serverargc >= MAXARGV) + exit_stderr("too many arguments"); serverpath = malloc(strlen(argv[NUMPRG]) + 1); strcpy(serverpath, argv[NUMPRG]); @@ -225,17 +308,17 @@ main(int argc, char *argv[]) hints.ai_protocol = 0; error = getaddrinfo(NULL, service, &hints, &res); if (error) - exit_error("getaddrinfo: %s", gai_strerror(error)); + exit_stderr("getaddrinfo: %s", gai_strerror(error)); s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s_wld == -1) - exit_error("socket: %s", ERRSTR); + exit_stderr("socket: %s", ERRSTR); #ifdef IPV6_FAITH if (res->ai_family == AF_INET6) { error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on)); if (error == -1) - exit_error("setsockopt(IPV6_FAITH): %s", ERRSTR); + exit_stderr("setsockopt(IPV6_FAITH): %s", ERRSTR); } #endif #ifdef FAITH4 
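Review bot: In the `#if 0` inetd_main() added to faithd.c, both getnameinfo() calls ask only for the service string but pass `NI_NUMERICHOST`, which governs the host part, so `sbuf` and `snum` receive the same lookup result. Judging by the names, `snum` is meant to be the numeric port; that call would need `NI_NUMERICSERV`, and the `sbuf` call would pass `0`. `melen` and `fromlen` are also declared `int` where getsockname() and getpeername() take a `socklen_t *`. The block is compiled out today, so this is worth correcting before it is enabled.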
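Review bot: In the default arm of daemon_main()'s `switch (argc)`, `serverpath = malloc(strlen(argv[NUMPRG]) + 1)` is followed directly by `strcpy(serverpath, argv[NUMPRG])` with no NULL check, so an allocation failure becomes a write through a null pointer instead of a diagnostic. The commit edits the lines just above and leaves this pair as it was. A checked duplicate does the same job in one statement: `if ((serverpath = strdup(argv[NUMPRG])) == NULL) exit_stderr("strdup: %s", ERRSTR);`. The rest of the arm lies outside the hunk.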
@@ -243,31 +326,31 @@ main(int argc, char *argv[]) if (res->ai_family == AF_INET) { error = setsockopt(s_wld, IPPROTO_IP, IP_FAITH, &on, sizeof(on)); if (error == -1) - exit_error("setsockopt(IP_FAITH): %s", ERRSTR); + exit_stderr("setsockopt(IP_FAITH): %s", ERRSTR); } #endif #endif /* FAITH4 */ error = setsockopt(s_wld, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); if (error == -1) - exit_error("setsockopt(SO_REUSEADDR): %s", ERRSTR); + exit_stderr("setsockopt(SO_REUSEADDR): %s", ERRSTR); error = setsockopt(s_wld, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); if (error == -1) - exit_error("setsockopt(SO_OOBINLINE): %s", ERRSTR); + exit_stderr("setsockopt(SO_OOBINLINE): %s", ERRSTR); error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen); if (error == -1) - exit_error("bind: %s", ERRSTR); + exit_stderr("bind: %s", ERRSTR); error = listen(s_wld, 5); if (error == -1) - exit_error("listen: %s", ERRSTR); + exit_stderr("listen: %s", ERRSTR); #ifdef USE_ROUTE sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); if (sockfd < 0) { - exit_error("socket(PF_ROUTE): %s", ERRSTR); + exit_stderr("socket(PF_ROUTE): %s", ERRSTR); /*NOTREACHED*/ } #endif @@ -284,7 +367,7 @@ main(int argc, char *argv[]) syslog(LOG_INFO, "Staring faith daemon for %s port", service); play_service(s_wld); - /*NOTRECHED*/ + /* NOTREACHED */ exit(1); /*pacify gcc*/ } @@ -388,10 +471,12 @@ play_child(int s_src, struct sockaddr *srcaddr) * Local service */ syslog(LOG_INFO, "executing local %s", serverpath); - dup2(s_src, 0); - close(s_src); - dup2(0, 1); - dup2(0, 2); + if (!inetd) { + dup2(s_src, 0); + close(s_src); + dup2(0, 1); + dup2(0, 2); + } execv(serverpath, serverarg); syslog(LOG_ERR, "execv %s: %s", serverpath, ERRSTR); _exit(EXIT_FAILURE); 
@@ -410,7 +495,7 @@ play_child(int s_src, struct sockaddr *srcaddr) if (!map6to4((struct sockaddr_in6 *)&dstaddr6, (struct sockaddr_in *)&dstaddr4)) { close(s_src); - exit_error("map6to4 failed"); + exit_failure("map6to4 failed"); } syslog(LOG_INFO, "translating from v6 to v4"); break; @@ -419,14 +504,14 @@ play_child(int s_src, struct sockaddr *srcaddr) if (!map4to6((struct sockaddr_in *)&dstaddr6, (struct sockaddr_in6 *)&dstaddr4)) { close(s_src); - exit_error("map4to6 failed"); + exit_failure("map4to6 failed"); } syslog(LOG_INFO, "translating from v4 to v6"); break; #endif default: close(s_src); - exit_error("family not supported"); + exit_failure("family not supported"); /*NOTREACHED*/ } @@ -459,14 +544,14 @@ play_child(int s_src, struct sockaddr *srcaddr) error = setsockopt(s_dst, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on)); if (error == -1) - exit_error("setsockopt(SO_OOBINLINE): %s", ERRSTR); + exit_failure("setsockopt(SO_OOBINLINE): %s", ERRSTR); error = setsockopt(s_src, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); if (error == -1) - exit_error("setsockopt(SO_SNDTIMEO): %s", ERRSTR); + exit_failure("setsockopt(SO_SNDTIMEO): %s", ERRSTR); error = setsockopt(s_dst, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); if (error == -1) - exit_error("setsockopt(SO_SNDTIMEO): %s", ERRSTR); + exit_failure("setsockopt(SO_SNDTIMEO): %s", ERRSTR); error = connect(s_dst, sa4, sa4->sa_len); if (error == -1) @@ -505,7 +590,7 @@ faith_prefix(struct sockaddr *dst) mib[3] = IPV6CTL_FAITH_PREFIX; size = sizeof(struct in6_addr); if (sysctl(mib, 4, &faith_prefix, &size, NULL, 0) < 0) - exit_error("sysctl: %s", ERRSTR); + exit_failure("sysctl: %s", ERRSTR); if (memcmp(dst, &faith_prefix, sizeof(struct in6_addr) - sizeof(struct in_addr) == 0) { 
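Review bot: The `memcmp` line kept as context under the changed sysctl() call in faith_prefix() does not parse as shown: the `== 0` sits inside the length argument and the `if (` is never closed. It also compares from `dst` itself, a `struct sockaddr *`, rather than from the IPv6 address field. This test decides whether a destination falls under the relay prefix, so it should read `if (memcmp(&((struct sockaddr_in6 *)dst)->sin6_addr, &faith_prefix, sizeof(struct in6_addr) - sizeof(struct in_addr)) == 0) {`. Presumably this branch is conditionally compiled out, or the build would fail; the function starts and ends outside the hunk.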
@@ -572,7 +657,7 @@ map6to4(struct sockaddr_in6 *dst6, struct sockaddr_in *dst4) if (dst4->sin_addr.s_addr == INADDR_ANY || dst4->sin_addr.s_addr == INADDR_BROADCAST - || IN_MULTICAST(dst4->sin_addr.s_addr)) + || IN_MULTICAST(ntohl(dst4->sin_addr.s_addr))) return 0; return 1; @@ -618,7 +703,7 @@ sig_child(int sig) pid_t pid; pid = wait3(&status, WNOHANG, (struct rusage *)0); - if (pid && status) + if (pid && WEXITSTATUS(status)) syslog(LOG_WARNING, "child %d exit status 0x%x", pid, status); } @@ -633,7 +718,7 @@ static void start_daemon(void) { if (daemon(0, 0) == -1) - exit_error("daemon: %s", ERRSTR); + exit_stderr("daemon: %s", ERRSTR); if (signal(SIGCHLD, sig_child) == SIG_ERR) exit_failure("signal CHLD: %s", ERRSTR); @@ -642,8 +727,8 @@ start_daemon(void) exit_failure("signal TERM: %s", ERRSTR); } -void -exit_error(const char *fmt, ...) +static void +exit_stderr(const char *fmt, ...) { va_list ap; char buf[BUFSIZ]; @@ -651,7 +736,7 @@ exit_error(const char *fmt, ...) va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); - fprintf(stderr, "%s\n", buf); + fprintf(stderr, "%s", buf); exit(EXIT_FAILURE); } @@ -900,7 +985,7 @@ update_myaddrs() static void usage() { - fprintf(stderr, "usage: %s [-dp] [service [serverpath [serverargs]]]\n", + fprintf(stderr, "usage: %s [-dp] service [serverpath [serverargs]]\n", faithdname); exit(0); } diff --git a/usr.sbin/faithd/faithd.h b/usr.sbin/faithd/faithd.h index 829dbac0f12..954a1600d74 100644 --- a/usr.sbin/faithd/faithd.h +++ b/usr.sbin/faithd/faithd.h @@ -1,5 +1,5 @@ -/* $OpenBSD: faithd.h,v 1.3 2000/05/31 03:09:22 itojun Exp $ */ -/* $KAME: faithd.h,v 1.2 2000/05/31 03:06:07 itojun Exp $ */ +/* $OpenBSD: faithd.h,v 1.4 2000/09/16 10:33:45 itojun Exp $ */ +/* $KAME: faithd.h,v 1.5 2000/07/28 07:34:27 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. 
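Review bot: The destination filter in map6to4() rejects INADDR_ANY, broadcast and (now correctly) multicast, but nothing visible in this hunk rejects IPv4 loopback, so a mapped destination in 127.0.0.0/8 would be relayed to services bound to the translator's own loopback interface. If no earlier check in the function covers it (the body starts outside the hunk), add one beside the multicast test, for example `|| (ntohl(dst4->sin_addr.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET`. The README's new access-control section leaves this to packet filters; a check here still holds when the filter is missing.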
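Review bot: In faithd.c's sig_child(), `WEXITSTATUS(status)` is only meaningful when `WIFEXITED(status)` is true, and for a child killed by a signal it normally evaluates to 0, so crashed relay children are no longer logged after this change. `pid` is tested only for non-zero, so a wait3() failure (-1) also passes, with `status` possibly never written. Suggested condition: `if (pid > 0 && (!WIFEXITED(status) || WEXITSTATUS(status) != 0))`. The same line is changed the same way in tcp.c's sig_child().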
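Review bot: exit_stderr() now prints with `"%s"` where exit_error() used `"%s\n"`, and none of the call sites converted in this commit (`"too many arguments"`, `"bind: %s"` and the rest) ends in a newline, so every startup error is left unterminated on the terminal. Keep `fprintf(stderr, "%s\n", buf);`, or, if callers are meant to supply the newline, say so in a comment above the function and update the messages.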
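Review bot: usage() still ends with `exit(0)`, and this commit routes a missing `service` argument to it as an error, so a script or rc file that starts faithd with bad arguments sees a success status. `exit(EXIT_FAILURE);` would match what exit_stderr() does for the other startup errors.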
@@ -39,13 +39,13 @@ extern int ftp_active __P((int, int, int *, int *)); extern int ftp_passive __P((int, int, int *, int *)); extern void rsh_relay __P((int, int)); extern void rsh_dual_relay __P((int, int)); -extern void exit_error __P((const char *fmt, ...)); -extern void exit_success __P((const char *fmt, ...)); -extern void exit_failure __P((const char *fmt, ...)); +extern void exit_success __P((const char *, ...)); +extern void exit_failure __P((const char *, ...)); #define DEFAULT_PORT_NAME "telnet" -#define DEFAULT_PATH "/usr/libexec/telnetd" +#define DEFAULT_DIR "/usr/libexec" #define DEFAULT_NAME "telnetd" +#define DEFAULT_PATH (DEFAULT_DIR "/" DEFAULT_NAME) #define FTP_PORT 21 #define RLOGIN_PORT 513 diff --git a/usr.sbin/faithd/ftp.c b/usr.sbin/faithd/ftp.c index 83c2511768d..b02bae41a0a 100644 --- a/usr.sbin/faithd/ftp.c +++ b/usr.sbin/faithd/ftp.c @@ -1,5 +1,5 @@ -/* $OpenBSD: ftp.c,v 1.3 2000/05/31 03:09:22 itojun Exp $ */ -/* $KAME: ftp.c,v 1.7 2000/05/31 03:06:07 itojun Exp $ */ +/* $OpenBSD: ftp.c,v 1.4 2000/09/16 10:33:45 itojun Exp $ */ +/* $KAME: ftp.c,v 1.10 2000/09/14 00:23:39 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. @@ -448,7 +448,10 @@ ftp_copyresult(int src, int dst, enum state state) #endif case LPSV: case EPSV: - /* expecting "227 Entering Passive Mode (x,x,x,x,x,x,x)" */ + /* + * expecting "227 Entering Passive Mode (x,x,x,x,x,x,x)" + * (in some cases result comes without paren) + */ if (code != 227) { passivefail0: close(wport6); @@ -468,11 +471,12 @@ passivefail0: * PASV result -> LPSV/EPSV result */ p = param; - while (*p && *p != '(') + while (*p && *p != '(' && !isdigit(*p)) /*)*/ p++; if (!*p) goto passivefail0; /*XXX*/ - p++; + if (*p == '(') /*)*/ + p++; n = sscanf(p, "%u,%u,%u,%u,%u,%u", &ho[0], &ho[1], &ho[2], &ho[3], &po[0], &po[1]); if (n != 6) 
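Review bot: In the PASV-reply scan of ftp_copyresult(), `isdigit(*p)` is handed a plain `char` that presumably comes from the remote server's reply line; where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined behaviour for the ctype functions. Write `!isdigit((unsigned char)*p)`. The loop now also stops at the first digit anywhere in the text, so a reply with a digit ahead of the parenthesised address would fail the six-field sscanf() and take the passivefail0 path; if that is accepted, the new comment could say so. The function continues on both sides of the hunk.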
@@ -509,7 +513,7 @@ passivefail: error = setsockopt(wport6, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on)); if (error == -1) - exit_error("setsockopt(IPV6_FAITH): %s", ERRSTR); + exit_failure("setsockopt(IPV6_FAITH): %s", ERRSTR); } #endif error = bind(wport6, (struct sockaddr *)sin6, sin6->sin6_len); @@ -594,7 +598,7 @@ passivefail1: * EPSV result -> PORT result */ p = param; - while (*p && *p != '(') + while (*p && *p != '(') /*)*/ p++; if (!*p) goto passivefail1; /*XXX*/ @@ -919,6 +923,7 @@ eprtparamfail: } memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; error = getaddrinfo(hostp, portp, &hints, &res); if (error) { n = snprintf(sbuf, sizeof(sbuf), diff --git a/usr.sbin/faithd/tcp.c b/usr.sbin/faithd/tcp.c index c009260652e..343ae238cfc 100644 --- a/usr.sbin/faithd/tcp.c +++ b/usr.sbin/faithd/tcp.c @@ -1,5 +1,5 @@ -/* $OpenBSD: tcp.c,v 1.3 2000/05/31 03:09:22 itojun Exp $ */ -/* $KAME: tcp.c,v 1.2 2000/05/31 03:06:07 itojun Exp $ */ +/* $OpenBSD: tcp.c,v 1.4 2000/09/16 10:33:46 itojun Exp $ */ +/* $KAME: tcp.c,v 1.4 2000/07/28 08:05:00 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. @@ -92,9 +92,9 @@ sig_child(int sig) pid_t pid; pid = wait3(&status, WNOHANG, (struct rusage *)0); - if (pid && status) + if (pid && WEXITSTATUS(status)) syslog(LOG_WARNING, "child %d exit status 0x%x", pid, status); - exit_failure("terminate connection due to child termination"); + exit_success("terminate connection due to child termination"); } static void |
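Review bot: The getaddrinfo() call after the `eprtparamfail` label resolves `hostp` and `portp`, which appear to come from the peer's EPRT parameter, with only `ai_family` and now `ai_socktype` set in the hints. EPRT carries a literal address, so adding `hints.ai_flags = AI_NUMERICHOST;` keeps peer-supplied text from triggering resolver lookups on the relay and rejects anything that is not an address. The parsing that fills `hostp` is outside the hunk, so confirm it does not already restrict the field.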
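Review bot: tcp.c's sig_child(), which looks like the SIGCHLD handler, calls syslog() and then exit_success() from signal context; syslog() is not async-signal-safe, and exit_success() presumably logs and exits as well, so a signal arriving while the interrupted code is itself inside syslog() or the allocator can deadlock or corrupt state. exit_success() is also reached whatever wait3() returned, including 0 or -1. A safer shape is for the handler to set a `volatile sig_atomic_t` flag and for the relay loop to do the wait, the logging and the exit. The handler's definition begins outside the hunk.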